This repository has been archived on 2021-07-02. You can view files and clone it, but cannot push or open issues or pull requests.
chie/public/posting.php

151 lines
6.1 KiB
PHP

<?php
require_once '../startup.php';
include_once '_category.php';
include_once '_user.php';
include_once '_topics.php';
include_once '_posts.php';
if(!session_active()) {
header('Location: /login?m=forbidden');
return;
}
$userInfo = user_info(current_user_id());
$categoryId = isset($_GET['cat']) && is_string($_GET['cat']) && ctype_digit($_GET['cat']) ? (int)$_GET['cat'] : 0;
$topicId = isset($_GET['topic']) && is_string($_GET['topic']) && ctype_digit($_GET['topic']) ? (int)$_GET['topic'] : 0;
$postId = isset($_GET['post']) && is_string($_GET['post']) && ctype_digit($_GET['post']) ? (int)$_GET['post'] : 0;
if($postId > 0) {
$postInfo = post_info($postId);
if(empty($postInfo))
die_ex('Post not found.', 404);
if($postInfo['post_type'] != FMF_POST_TYPE_MESSAGE)
die_ex('This is not a message.', 400);
if(!$userInfo['user_moderator'] && $userInfo['user_id'] != $postInfo['user_id'])
die_ex('You aren\'t allowed to edit this post.', 403);
$categoryId = $postInfo['cat_id'] ?? 0;
$topicId = $postInfo['topic_id'] ?? 0;
$postId = $postInfo['post_id'] ?? 0;
$postText = $postInfo['post_text'] ?? '';
} else {
$postId = 0;
}
if($topicId > 0) {
$topicInfo = topic_info($topicId);
if(empty($topicInfo))
die_ex('Topic not found.', 404);
$categoryId = $topicInfo['cat_id'] ?? 0;
$topicId = $topicInfo['topic_id'] ?? 0;
} else {
$topicId = 0;
}
$categoryInfo = category_info($categoryId);
if(empty($categoryInfo)) {
die_ex('Category does not exist.', 404);
}
if($categoryInfo['cat_type'] != 0) {
die_ex('This category cannot hold topics.');
}
if(isset($topicInfo)) {
if(!empty($topicInfo['topic_locked']) && !$userInfo['user_moderator']) {
die_ex('You may not respond to locked topics.', 403);
}
}
$title = isset($topicInfo) ? ((isset($postInfo) ? 'Editing reply to ' : 'Replying to ') . $topicInfo['topic_title']) : ('Creating a topic in ' . $categoryInfo['cat_name']);
if(isset($_POST['text']) && CSRF::verify()) {
$postTitle = isset($_POST['title']) && is_string($_POST['title']) ? $_POST['title'] : '';
$postText = trim(is_string($_POST['text']) ? $_POST['text'] : '');
$postLen = mb_strlen($postText);
if($postLen < 10) {
$error = 'Post content must be longer than 10 characters.';
} elseif($postLen > 50000) {
$error = 'Post content may not be longer than 50000 characters.';
} else {
if(!isset($topicInfo)) {
$titleLen = mb_strlen($postTitle);
if($titleLen < 5) {
$error = 'Topic titles must be longer than 5 characters.';
} elseif($titleLen > 100) {
$error = 'Topic titles may not be longer than 100 characters.';
} else {
$topicId = create_topic($categoryInfo['cat_id'], current_user_id(), $postTitle);
if($topicId < 1) {
$error = 'Failed to create topic.';
} else {
$topicInfo = topic_info($topicId);
$satoriMsg = "[b]forum.flash.moe[/b]: [url=https://forum.flash.moe/user/{$userInfo['user_id']}][b]{$userInfo['user_login']}[/b][/url] created topic [url=https://forum.flash.moe/topic/{$topicId}][b]{$topicInfo['topic_title']}[/b][/url]";
}
}
}
if(!isset($error) && !isset($message)) {
if(isset($postInfo)) {
post_update($postInfo['post_id'], $postText);
} else {
$postId = create_post($categoryInfo['cat_id'], $topicInfo['topic_id'], current_user_id(), $postText);
topic_bump($topicInfo['topic_id'], $postId, !empty($topicInfo['topic_resolved']));
category_bump($categoryInfo['cat_id'], $postId, isset($titleLen));
if(!isset($satoriMsg))
$satoriMsg = "[b]forum.flash.moe[/b]: [url=https://forum.flash.moe/user/{$userInfo['user_id']}][b]{$userInfo['user_login']}[/b][/url] replied to [url=https://forum.flash.moe/post/{$postId}][b]{$topicInfo['topic_title']}[/b][/url]";
}
if(defined('SATORI_SECRET') && !empty($satoriMsg)) {
$sock = @fsockopen(SATORI_HOST, SATORI_PORT, $errno, $errstr, 2);
if($sock) {
fwrite($sock, chr(0xF) . hash_hmac('sha256', $satoriMsg, SATORI_SECRET) . $satoriMsg . chr(0xF));
fflush($sock);
fclose($sock);
}
}
$postUrl = isset($titleLen) ? "/topic/{$topicInfo['topic_id']}" : "/post/{$postId}";
header("Location: {$postUrl}");
return;
}
}
}
include FMF_LAYOUT . '/header.php';
$breadcrumbs = category_breadcrumbs($categoryInfo['cat_id'], empty($topicInfo));
echo '<a href="/">forum.flash.moe</a> &raquo; ';
foreach($breadcrumbs as $breadcrumb)
printf('<a href="/category/%d">%s</a> &raquo; ', $breadcrumb['cat_id'], $breadcrumb['cat_name']);
echo '<h3><a href="' . (empty($topicInfo) ? ('/category/' . $categoryInfo['cat_id']) : ('/topic/' . $topicInfo['topic_id'])) . '">' . ($topicInfo['topic_title'] ?? $categoryInfo['cat_name']) . '</a></h3>';
?>
<form class="posting-form" method="post" action="">
<?=CSRF::html();?>
<?php if(isset($error) || isset($message)) { ?>
<div class="posting-message<?php if(isset($error)) { echo ' posting-message-error'; }?>"><?=($error ?? $message);?></div>
<?php } ?>
<div class="posting-header">
<input type="text" <?php if(empty($topicInfo)) { ?>value="<?=htmlentities($postTitle ?? '');?>" name="title" class="posting-title" tabindex="1"<?php } else { ?>value="Re: <?=$topicInfo['topic_title'];?>" class="posting-title posting-title-disabled" disabled readonly<?php } ?>/>
<input type="submit" value="<?=(empty($postInfo) ? (empty($topicInfo) ? 'Post' : 'Reply') : 'Edit');?>" class="posting-submit" tabindex="3"/>
</div>
<textarea name="text" class="posting-text" tabindex="2"><?=htmlentities($postText ?? '');?></textarea>
<a href="https://guides.github.com/features/mastering-markdown/" style="font-size: .9em;" target="_blank" rel="noopener">Markdown supported</a>
</form>
<?php
include FMF_LAYOUT . '/footer.php';